From a0e9ff3c5028ee4430957832d5eb793127970b93 Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Mon, 15 Jan 2024 16:37:05 +0100 Subject: [PATCH 1/2] Externalized dependency-check --- .github/workflows/dependency-check.yml | 59 ++++---------------------- 1 file changed, 8 insertions(+), 51 deletions(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 6117013..e161568 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -10,54 +10,11 @@ on: jobs: check-dependencies: - name: Check dependencies - runs-on: windows-latest - steps: - - uses: actions/checkout@v4 - with: - show-progress: false - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: 17 - cache: 'maven' - - name: Cache NVD DB - uses: actions/cache@v3 - with: - path: ~/.m2/repository/org/owasp/dependency-check-data/ - key: dependency-check-${{ github.run_id }} - restore-keys: | - dependency-check - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 - - name: Run org.owasp:dependency-check plugin - id: dependency-check - continue-on-error: true - run: mvn -B validate -Pdependency-check - env: - NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - - name: Upload report on failure - if: steps.dependency-check.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - name: dependency-check-report - path: target/dependency-check-report.html - if-no-files-found: error - - name: Slack Notification on regular check - if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure' - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected." - SLACK_MESSAGE: "Download the for more details." - SLACK_FOOTER: false - MSG_MINIMAL: true - - name: Failing workflow on release branch - if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure' - shell: bash - run: exit 1 + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@main + with: + runner-os: 'windows-latest' + java-distribution: 'temurin' + java-version: 17 + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} From e59e377a0c058a7217d641917b09ab4eed4450e9 Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Wed, 17 Jan 2024 18:29:50 +0100 Subject: [PATCH 2/2] Changed version specifier for dependency-check See: https://github.com/cryptomator/cryptofs/pull/202#discussion_r1453615249 --- .github/workflows/dependency-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index e161568..d0c8357 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -10,7 +10,7 @@ on: jobs: check-dependencies: - uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@main + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1 with: runner-os: 'windows-latest' java-distribution: 'temurin'